Security Advisory

CVE-2022-39365

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-27 00:00:00

Last updated 2025-04-23 16:42:09

Assigner GitHub_M

State PUBLISHED

Description

Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinitionLayoutText` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.

← Browse all CVEs View on cve.org ↗